<?php
	/* -------------------------------------------------------------------
	IOU - expense sharing system 
	Copyright (C) 2009 - Mischa Spelt (m.spelt@gmail.com)
	
	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.
	
	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <http://www.gnu.org/licenses/>.
	
	------------------------------------------------------------------- */

	include_once("lib/lib.main.php");
	include "lib/newuser.php";

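	// Handle the POSTed actions: logout, login, newpass (password reset) and
	// newuser. Every value read from $_POST below is attacker-controlled.

	// Target to send the browser to after a successful login: the hidden form
	// field wins, otherwise the target remembered in the session (if any).
	if(isset($_POST['redirectTo'])) $redirectTo = $_POST['redirectTo'];
	else $redirectTo = isset($_SESSION['afterLogin']) ? $_SESSION['afterLogin'] : '';

	// Open-redirect guard. The value ends up in a Location header, so only a
	// same-site relative reference is accepted. Rejected: non-strings, anything
	// containing whitespace or control characters (browsers strip tabs and
	// newlines inside URLs), an explicit scheme ("http:", "javascript:", ...)
	// and a leading "//" or "/\" pair, which browsers treat as another host.
	// This check does not make the value safe for HTML output; escape it where
	// it is printed.
	if(!is_string($redirectTo)
		|| preg_match('/[\x00-\x20\x7f]/', $redirectTo)
		|| preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $redirectTo)) {
		$redirectTo = '';
	}

	// Normalise the text fields once: a missing field or an array-valued field
	// (username[]=x) becomes the empty string instead of reaching strtolower()
	// or the query layer with the wrong type.
	$postedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	$postedEmail    = (isset($_POST['email'])    && is_string($_POST['email']))    ? $_POST['email']    : '';

	// NOTE(review): none of these actions checks an anti-CSRF token in this file;
	// confirm whether lib/lib.main.php enforces one.
	if(isset($_POST['logout'])) {
		unset($_SESSION['hash']);
		unset($_SESSION['user']);
		unset($user);
	}

	if(isset($_POST['login'])) {
		// NOTE(review): the %s / %i placeholders are filled in by $db->q();
		// presumably it escapes them, but that is not visible here - verify.
		// NOTE(review): PASSWORD() is MySQL's own account-hash function (fast,
		// unsalted, removed in MySQL 8.0). Moving to password_hash() /
		// password_verify() needs a data migration and matching changes in the
		// code that stores passwords, so it is flagged here rather than changed.
		// NOTE(review): failed attempts are neither logged nor rate-limited here.
		$user = $db->q("maybetuple SELECT ID, Login, Password FROM Users WHERE LOWER(Login) = %s AND Password = PASSWORD(%s)", strtolower($postedUsername), $postedPassword);
		if($user) {
			// Session-fixation defence: issue a fresh session id at the privilege
			// change, before the id is folded into the session hash below.
			if(session_id() !== '') session_regenerate_id(true);

			$_SESSION['user'] = $user['ID'];
			// Binds the session to the account's login name, stored password value
			// and the current session id; presumably re-checked by isloggedin().
			$_SESSION['hash'] = md5($user['Login'] . $user['Password'] . session_id());
			unset($_SESSION['afterLogin']);
			$gUser = $db->q("tuple SELECT * FROM Users WHERE ID = %i", $_SESSION['user']);
			// Audit trail of successful logins (user id + peer address).
			$db->q("INSERT INTO Logins(UserID, IP) VALUES(%i, %s)", $user['ID'], $_SERVER['REMOTE_ADDR']);
			if($redirectTo) header("Location: $redirectTo");
			// NOTE(review): without a redirect target the request ends here with
			// an empty response body.
			exit;
		}
	}

	if(isset($_POST['newpass'])) {
		// NOTE(review): the query is tagged "maybevalue" but the result is indexed
		// as $user['ID']; confirm what $db->q() returns for that tag.
		$user = $db->q("maybevalue SELECT ID FROM Users WHERE LOWER(Login) = %s AND LOWER(Email) = %s", strtolower($postedUsername), strtolower($postedEmail));
		if($user) createPassword($user['ID']);
	}

	if(isset($_POST['newuser'])) {
		// The username is passed for both of addUser()'s first two arguments, as
		// in the original call; validation of the values is left to addUser().
		addUser($postedUsername, $postedUsername, $postedEmail);
	}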

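	// Page body. Anonymous visitors get three forms (log in, request a new
	// password, create an account); a logged-in user gets the log-out form.
	// NOTE(review): none of the forms below carries an anti-CSRF token in this
	// file; confirm whether the included library adds or checks one.
	print_header("Login");

	if(!isloggedin()):
?>
<h1>Log in</h1>
<form method=post>
<?php /* redirectTo can come straight from the request: escape it for the single-quoted attribute. */ ?>
<input type='hidden' name='redirectTo' value='<?php echo is_string($redirectTo) ? htmlspecialchars($redirectTo, ENT_QUOTES, 'UTF-8') : ''; ?>' />
<table>
<tr class='gray'> <td><label for='username'><span class='accesskey'>U</span>sername:</label></td> <td> <input type='text' name='username' id='username' accesskey='U'></td></tr>
<tr> <td>Password</td> <td> <input type='password' name='password'></td></tr>
<tr class='gray'> <td colspan='2' style='text-align: center;'> <input type='submit' name='login' accesskey='I' value='Log in'> <input type='reset' value='Reset'> </td> </tr>
</table>
</form>

<h1>Request new password</h1>
<form method=post>
<table>
<tr class='gray'> <td>Username</td> <td> <input type='text' name='username'></td></tr>
<tr> <td>E-mail address</td> <td> <input type='text' name='email'></td></tr>
<tr class='gray'> <td colspan='2' style='text-align: center;'> <input type='submit' name='newpass' value='Request a new password'> </td> </tr>
</table>
</form>

<h1>New user</h1>
<form method=post>
<table>
<tr class='gray'> <td>Username</td> <td> <input type='text' name='username'></td></tr>
<tr> <td>E-mail address</td> <td> <input type='text' name='email'></td></tr>
<tr class='gray'> <td colspan='2' style='text-align: center;'> <input type='submit' name='newuser' value='Create user account'> </td> </tr>
</table>
</form>
<?php
	// Put the keyboard focus on the login form's username field.
	focusOn('username');
	else:
	// DisplayName is user-supplied account data, so it is HTML-escaped on output.
	// NOTE(review): if the value is already stored escaped this will double-encode; verify.
?>
		<h1>Log out</h1>
		<form method=post>
<table>
<tr class='gray'> <td>Logged in:</td> <td> <?php echo htmlspecialchars((string)$gUser['DisplayName'], ENT_QUOTES, 'UTF-8'); ?></td></tr>
<tr class='gray'> <td colspan='2' style='text-align: center;'> <input type='submit' name='logout' accesskey='T' value='Terminate session'> </td> </tr>
</table>
</form>
<?php
	endif;
	print_footer();
?>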
